My First, Failed Attempt At A Chrome Extension

Programming is a massive part of my working life. Regardless of what I'm doing on my PC, in the back of my mind, I'll be thinking of a program or script that could make whatever I'm doing easier. Any repetitive task that requires a series of similar actions is immediately broken down by the little decompiler in my brain and translated into pseudo-code, ready for input into my language of choice. Recently, I decide to convert one of my programs into a Chrome extension, mainly to familiarise myself with the process. Despite my efforts, however, I failed miserably.

The program I selected was written in C#, and runs in the background while I edit Lifehacker. It is not overly fancy; it monitors the clipboard and uses regular expressions to detect certain bits of HTML. When it finds a match, it converts this HTML into a custom format used by our back-end. This allows me to do a simple Ctrl-X, Ctrl-V to convert any offending piece of HTML quickly into something the content management system understands.

It also converts links from Google into actual URLs — go ahead, try and copy a link from a Google search and paste it. The result won't be what you expect. There's even a feature that automatically converts clipboard URLs into Bit.ly links, complete with the web page title of the URL, ready for posting on social networking sites.

Adding up the time it's saved me so far would easily run into hours.

Anyway, as I said, all it really does is keep an eye on the clipboard and perform some simple text replacement routines. This, I thought, would be easy to port to a Chrome extension.

Nope.

Getting stared on your own Chrome extension is straightforward — Google's own beginner's guide provides you with the basic code and files to get you up and running in minutes. Chrome comes with its own Javascript debugger, so you can place breakpoints in your script files and monitor variables, while the element inspector takes care of spying on the physical design of pop-ups and the like.

What you don't get is a development environment, though that's hardly surprising. You can grab Notepad++ or PSPad, if you require syntax highlighting. In a spot, vanilla Notepad — or any text editor — will do. Really, whatever IDE you like best is more than good enough.

The problems I encountered were caused by my transition from the comparatively open and unsecured C# / .NET environment, to the tightly-controlled, sand-boxed arena of the modern browser, where even reading the clipboard is subject to intense scrutiny.

In C#, reading / writing to the clipboard is achieved like so:
string s = Clipboard.GetText();
s = "Frogs!";
Clipboard.SetText(s); // You could use this directly as well.

In Javascript, methods do exist that are similar, but for security reasons, don't actually do anything when running in a modern browser such as Chrome. What you have to do with an extension is first ask for permission via the manifest.json file, which is packed in with the extension payload. Then, you hook up event listeners for the copy and paste actions performed by the user. Finally, when an event does fire, you have to funnel the request to a HTML page running in the background of your extension, where you can finally read the clipboard.

Except that to change the text, you need an input field on the background page in which to paste the clipboard to first. You can then change the text, before reading it back onto the clipboard with a copy command.

I know security is paramount, but really, this just seems extreme. The really silly part is that people have been using Flash to get around this, and when it comes to security, well, Flash is certainly no darling. I would go as far to say the act of locking down the browser in this fashion promotes bad behaviour as coders look for workarounds.

It would make sense, to me, to just support the basic Javascript clipboard functions, but lock them down so they can't be used in an unsecured way. The extension needs user permissions to manipulate the clipboard — surely this is enough of a guardian?

Of course, having to dance with the clipboard didn't put me off immediately, it was the other limitations I eventually encountered. In the end, it was enough to make me stick with C#, as getting what I wanted accomplished in .NET didn't require jumping through a hundred hoops.

It could be argued that, if I was hitting so many walls bringing my program across to Javascript as an extension, then it probably shouldn't be an extension in the first place. And that's a fair argument. I just wish that simple, relatively harmless actions, such as altering the clipboard, weren't so tied up in security measures.

I'm keen to write an extension in the future, though I feel like I'll have to set my sights lower if I want to actually finish it.

Comments

I expect my browser to be totally secure and locked down - it is my gateway to the nasty WWW. Why not just write an OS app - why does it have to be in your browser? I don't want chrome and others opening up more OS functionality, it just creates more vulnerabilities.
Just sounds like "waah

I'm happy that the browser is secure and you failed at doing this. Why not just be happy and write an OS app? Browsers have a long history of being insecure and I'm glad they don't open these kind of features just for a few propellorgeass

The mistake is people think the web is a replacement for applications. You will never has as much control doing things through a web browser (be that via a web page or an extension) then you will by using a full blown application (even various applications have limitation).

I don't see the need for this type of functionality to be implemented in a chrome extension. 'copy paste' should not be accessible from a browser app as it is fundamental an OS function, yes I can see uses by it been used by an extension but monitoring the clipboard can be seen as suspicious by AV software and for good reason. This type of functionality should be a executed from a standalone application and asked for user permission and scanned by AV, both of which are usually bypassed by chome extensions.

Down Votes

Only logged in users may vote for comments!

Get Permalink

Trending Stories Right Now

As the copper phone network goes from bad to worse, decent broadband is still years away for many Australians. If your phone line is slowly failing but the NBN is still years from your street, what's your fallback broadband plan? As I personally discovered, the available options aren't great...

TPG currently stands as the second largest internet service provider (ISP) in Australia and is a force to be reckoned with in the telecommunications industry. Its rapid growth is mainly attributed to strategic acquisitions it has made in recent years. One of those acquisitions was iiNet, an ISP that boasted high customer satisfaction rates and was well-respected in the telco community.
It has been over a year since TPG bought iiNet and the situation looks bleak for the ISP that was once the darling of the telco industry. Most recently, iiNet's Sydney office was shut down and most of the staff were made redundant. We spoke to one former iiNet employee to get the insider story on the aftermath of the TPG acquisition. We also spoke with iiNet to get its side of the story.